最後更新: 2020-10-24

LXC, LXD Disable IPv6

By "GRUB_CMDLINE_LINUX"

修改 /etc/default/grub

GRUB_CMDLINE_LINUX="... ipv6.disable=1 ..."

# U 14

update-grub

# C 7

grub2-mkconfig -o /boot/grub2/grub.cfg

LXD

# IPv6 in containers is configured on a per-network basis.

# CLI

lxc network set lxdbr0 ipv6.address none

在 Shorewall 在前的情況

auto eth0
iface eth0 inet static
        address 192.168.123.10
        netmask 255.255.255.0
        network 192.168.123.0
        broadcast 192.168.123.255
        gateway 192.168.123.1
        dns-nameservers 8.8.8.8 8.8.4.4

auto lxcbr0
iface lxcbr0 inet manual
        pre-up brctl addbr $IFACE
        up ip link set $IFACE up
        post-down brctl delbr $IFACE
        down ip link set $IFACE down
        bridge_stp off
        bridge_waitport 0
        bridge_fd 0

Contrainer Using A interface

lxc.network.type = phys
lxc.network.link = vps-name
lxc.network.name = eth1

ESXi Tip

ESXi 's vswitch 有 "promiscuous mode" 這設定,

enabled 左佢後, 在 ESXi 內的 VM 行唔到 LXC          <-- it's disabled by default.

Openvswitch

vps 的設定檔

# Network
lxc.network.type=veth
lxc.network.flags=up
lxc.network.hwaddr=4a:49:43:56:79:bf
# Interface name on OVS
lxc.network.veth.pair=lamp

# 一定要 "#" 了以下一行
#lxc.network.link=br0

# 改而用 up/down script 去建立 Network

lxc.network.script.up = /etc/lxc/ifup
lxc.network.script.down = /etc/lxc/ifdown

/etc/lxc/ifup

#!/bin/bash
BRIDGE="br0"
ovs-vsctl --may-exist add-br $BRIDGE
ovs-vsctl --if-exists del-port $BRIDGE $5
ovs-vsctl --may-exist add-port $BRIDGE $5

/etc/lxc/ifdown

#!/bin/bash
ovsBr="br0"
ovs-vsctl --if-exists del-port ${ovsBr} $5